Scam email lead to Keylogger. Beware!


Among a lot of various scam emails about “post express“, we found one email that is unfamiliar, and pretty sure this is a different malware, with subject “Available for pickup“, and included an executable attachment file, “Sent.exe“.

Dear Sir
I have just returned and received your message — it is 2:25 am in Vancouver.

I have received a communication from your partner (I am forwarding it separately) and am waiting for an official translation that I will then take up with my colleagues.

Hence, the funds has been sent via western union and money gram respectively

REF: 9310 5521 Amount: 3000 CAD
MTCN: 764 327 9355 Amount: 2000 CAD

The payment receipt is attached in a single file

I hope to hear from you soonest

Both payments are available for  pick up

Sebat

We try to dig it deeper with the attachment, and found out that this is a Keylogger. From the decrypted configuration file, we can see the used SMTP server and the target email address for sending the report.

All recorded keystroke will be send to the target email address, including your IP, computer name, and the user name.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Keep update your Emsisoft Anti-Malware, and always stay alert and be cautious with everything you receive.

Arief Prabowo

What to read next